Beta Bot a New Cybercriminal Favorite?

The FraudAction Research Library of RSA reports that hackers are buying malware designed for the perpetration of financial cybercrimes. One Trojan, Beta Bot, has undergone reconstruction, with its new and improved version released on the malware market in January of this year. It is not yet a popular item, but certainly one to watch out for.

New and Improved Beta Bot

Beta Bot was formerly a nuisance bit of typical Trojan malware designed to perform automated functions on a webpage. But it has recently been redesigned into a formidable banking Trojan with an instinct for survival. This invasive virus can evade detection and disable other programs such as anti-virus software. It can even block user access to websites that provide security software. This makes it impossible for users to detect or remove without special help.

RSA’s Cyber-crime and Online-Fraud Specialist Limor Kessem reported that the malware, on sale for about $300-$500, gives cybercriminals root access to the computers that have been infected. Beta Bot sends information gathered from compromised computers to the hacker’s database for easy access at any time. It also gains control over Windows interface prompts and gives the hacker control over the computer’s processes. Encouraging more clicks from the user gets the hacker deeper into the system.

Once activated, Beta Bot automatically downloads malware to the user’s PC and spreads to other applications such as Skype. It can also move through USB connections. The malware then prompts users to take further action and visit webpages that contain more malicious files. Beta Bot renders current anti-virus software useless, and additional user protection is needed to prevent this Trojan from taking over completely. In addition to basic online safety practices, the use of a VPN is recommended.

Beta Bot’s Wide Reach

Beta Bot was discovered by accident, and has been found to have already infected some banks and payment platforms, social network websites, game websites, online retailers, domain registrars and webmail hosts. Aside from gaining control over infected PCs, the virus kills off any competition by locking out other malware. It then provides distributed denial-of-service capability for the hacker. It is difficult to avoid visiting these types of websites, and with anti-virus disabled by Beta Bot, the last line of defense that users have is the data encryption provided by VPN services.

The one weakness of Beta Bot is that it requires user approval for any actions. But this is the same behavior as any legitimate software, and users are easily lured into clicking “OK”. Having control over the interface prompts, the Trojan masquerades as an official Windows message prompting approval for the Windows Command Processor to modify the PC’s settings. Users should know that this is a sign of infection, since the Windows Command Processor is a default process which runs automatically and will therefore never request user permission. Users who are unfamiliar with how the Windows OS functions will undoubtedly have trouble reading these signs. It is therefore still best practice to take precautions and secure the computer’s data with strong encryption software.

The Trojan of the Future?

Ironically, the multi-functional Beta Bot is not one of the more popular tools among cyber criminals. The broad scope of the Trojan makes it unattractive to hackers focused on bank fraud. It is also not easily modified from the hacker’s end, making it less usable for specific attacks. But it is constantly being updated and if its progression over the past half year is any indication, it is sure to become a very challenging opponent by the close of this year. A move by banks and other financial institutions to get ahead of the Trojan before it can gain more ground is underway. Users alerted to this threat are also encouraged to take steps to prevent their PCs from being added to the Beta Bot network and used to gain access to financial accounts.
